Currently, a generally used manner of transmitting a virus is: first obtaining a system write permission by using a vulnerability of an operating system or a third-party application, and then injecting a malicious redirection website address into page code of a legal website. A current solution for detecting whether a website is infected mainly is: crawling website content externally, and then scanning page content to determine whether malicious code exists. Such methods such as a safeweb technology of the symantec and a siteadvisor technology of the McAfee are very typical.
An external detecting system based on a crawling technology has problems such as non-real-time performance, a false negative, and a false positive. A virus has a strong transmissibility, and can infect a large quantity of websites in a short time. When website content is crawled externally, all website content cannot be crawled in a short time, and therefore, security of a website cannot be detected in real time; as a result, an infected page may be incorrectly reported as still being safe due to the non-real-time performance, leading to a false positive.
A current website development manner basically is dynamically loading a large quantity of database content for a small quantity of source code. Currently, there are relatively mature solutions for security of database content, such as prevention of SQL injection and an XSS cross-site attack, but protection on source code is insufficient; and this part is also a point of attack of malicious website address injection.